UPDATE: After many complaints about the recent change that allowed apps to access your phone number and address, facebook has temporarily disabled sharing the information until they have a more explicit way of notifying the user (you) when you’re sharing this information. Since this article focuses on Facebook security in a broader sense, I still feel it is an important for any Facebook user.
Would you allow me to print off the details you’ve shared in your Facebook profile, and post them up in public? Facebook information IS NOT SECRET.
Were you kind enough to include your address? How about your phone number? I already know your name, what you look like, and who many of your friends are. Are they sharing pictures of you? Think I might be able to figure out where you go out to on the weekends based on the pictures they’ve shared?
Starting to think a little more about what might be out there? Good. Now let’s get down to business.
The first rule of Facebook is: every single thing you post on Facebook (private or not) will probably end up in the hands of someone you don’t know. There are several contributing factors to this problem:
1: Facebook had suffered routine security breaches for years now.
2: Facebook adds new sharing features all the time. These new features default to “ON” meaning your previously private information may become shared at any time. Today is a great example of this, Facebook now shares your phone number and address with any Facebook apps that request it. Which apps have you installed? Do you think Farmville should have your phone number? Tough!
3: Friends can share information about you, such as tagging you in a photo (which could include some incriminating comments). You have no control over the security of these tags.
4: GPS is now everywhere. Have you been using a smartphone to post pictures and check into Facebook Places? Did you know I can use that information to get an idea of your daily schedule? That might be useful if someone wanted to visit your house while you were away… or alone.
5: Our forgetfulness. Can you tell me right now exactly what information you have and have not included in your profile?
Today I’m going to focus on one thing: how to review what Facebook apps you’re using that may now potentially have access to your phone number and address. In a future update, I’ll review some other worthwhile security settings. For now, check out what my current sharing settings look like:
That’s a good start, but let’s look at application settings.
To get there, log into your Facebook account, and select Privacy Settings from the Account drop down on the top right corner.
Next, click on “Edit your settings” under the Apps and Websites section in the bottom left of your Privacy Settings page. Here’s what the page should look like (I’ve redacted some details from the picture since this example is from my profile).
Take your time and look through this page, there’s more here than I’ll cover (and the settings available here will increase over time). While writing this article, I discovered that the places I check into had been automatically shared to all the apps I use. I expect you will find some similar sharing you might not be comfortable with.
First, we’ll visit the settings in the “Apps you use” section.
Click the corresponding Edit Settings button, and take a look at the apps that may now access your address and phone number. I highly recommend removing any apps you don’t specifically need. Actually, I’d recommend clicking that “Turn off all platform apps” button in the main Apps you use section, but I’m trying to be realistic.
Finish up removing apps you don’t use, and give them some appropriate settings.
Moving on, we’ll take a look at “Info accessible through your friends” Do yourself a favor and simply disable this. Why? Read the fine print.
Did you catch that? “Your name, profile picture, gender, networks and user ID (along with any other information you’ve set to everyone) is available to friends’ applications unless you turn off platform applications and websites.”
Which means… I can get your name, see what you look like, where you’re from, and where you live now, and ANY OTHER INFORMATION YOUVE MADE PUBLIC though an app that a friend of yours has installed. That little line at the bottom of this last picture is why my settings in the first picture are so strict (and why they don’t include any “Everyone” options). I suggest you copy my settings in all the above pictures, but feel free to disagree. Just keep in mind that it doesn’t take anyone special to write a Facebook app. And anyone who has had some malware on their computer knows that not all app developers are nice people.
Disable this stuff, save your changes, and enjoy a slightly safer Facebook experience. Just don’t forget to check back often since new features are enabled by default.
Resources:
Facebook announces it will share cellphone and address information: http://developers.facebook.com/blog/post/446
Facebook re
